TikTok has confirmed a zero-day vulnerability that attackers exploited to hijack a number of accounts belonging to celebrities and brands. The attackers exploited an unspecified security flaw in the social media app’s direct messages (DM) feature. The company has managed to stop the attack, but not before a few high-profile accounts fell prey to it.
TikTok zero-day vulnerability compromised a few high-profile accounts
Zero-day vulnerabilities are security flaws that have no official patch, or for which no public information detailing the flaw exists. In this case, a vulnerability in TikTok’s DM feature allowed attackers to hijack accounts by simply sending a message. The target only needs to open the malicious message. The exploit does not require downloading any file or clicking any link; opening the message is enough for a user to hand their account to the attacker.
Over the past week, attackers exploited this vulnerability to hijack several prominent TikTok accounts, including accounts belonging to Sony, CNN, and Paris Hilton. CNN was reportedly the first account to fall prey to the attack. The compromised accounts were subsequently taken down temporarily, either by TikTok or by the account holders, to prevent abuse. As of this writing, TikTok does not appear to have patched the vulnerability, but it has stopped the attack.
“Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts,” TikTok spokesperson Alex Haurek said in a statement to Forbes. “We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.” Haurek did not specify the number of accounts compromised but said it is “a very small number.”
TikTok also has yet to detail the vulnerability that allowed attackers to hijack accounts so easily. It probably won’t share more details until the flaw is patched. That is standard practice with zero-day vulnerabilities: details are not shared until the majority of users have installed the patch. Hopefully, the temporary security measures against the flaw are strong enough to prevent further attacks. TikTok users should avoid opening suspicious DMs.
TikTok has suffered account takeovers on numerous occasions in the past
This isn’t the first time a TikTok vulnerability has led to account hijacks. The social media platform suffered similar attacks on numerous occasions in the past. Most recently, an Android app flaw allowed attackers to quietly take over accounts with a single tap. TikTok has also had many other privacy issues. You should always keep the app updated and stay vigilant to avoid privacy and security issues. You can update the app from the Google Play Store.